Cyber Security News
WordPress Ad-Fraud Plugins Trigger Massive 1.4 Billion Daily Ad Requests
Cybersecurity researchers have uncovered a sprawling ad-fraud operation exploiting WordPress plugins to trigger over 1.4 billion fraudulent ad requests every day.
Dubbed “Scallywag,” this scheme leverages customizable extensions to monetize...
CVE/vulnerability
Over 100,000 WordPress Plugin Vulnerability Exploited Just 4 Hours After Disclosure
Over 100,000 WordPress websites have been exposed to a critical security vulnerability, following the public disclosure of a flaw in the popular SureTriggers plugin...
cyber security
Rogue Account‑Creation Flaw Leaves 100 K WordPress Sites Exposed
A severe vulnerability has been uncovered in the SureTriggers WordPress plugin, which could leave over 100,000 websites at risk.
The issue, discovered by security researcher...
Cyber Attack
50,000+ WordPress Sites Vulnerable to Privilege Escalation Attacks
In a recent cybersecurity development, over 50,000 WordPress websites using the Uncanny Automator plugin have been identified as vulnerable to a critical privilege escalation...
CVE/vulnerability
20,000 WordPress Sites at Risk of File Upload & Deletion Exploits
A critical security alert has been issued to WordPress site administrators following the discovery of two high-severity vulnerabilities in the "WP Ultimate CSV Importer"...
cyber security
Threat Actors Embed Malware in WordPress Sites to Enable Remote Code Execution
Security researchers have uncovered a new wave of cyberattacks targeting WordPress websites through the exploitation of the "mu-plugins" (Must-Use plugins) directory.
This directory, designed...
cyber security
Massive “DollyWay” Malware Attack Compromises 20,000+ WordPress Sites Worldwide
A significant malware operation, dubbed "DollyWay," has been uncovered by GoDaddy Security researchers, revealing a sophisticated campaign that has compromised over 20,000 WordPress sites...
CVE/vulnerability
Over 10,000 WordPress Sites Exposed by Donation Plugin Code Execution Vulnerability
A critical security flaw in the widely used GiveWP – Donation Plugin and Fundraising Platform has left over 10,000 WordPress websites vulnerable to remote code execution...
cyber security
WordPress Admins Warned of Fake Plugins Injecting Malicious Links into Websites
A new wave of cyberattacks targeting WordPress websites has been uncovered, with attackers leveraging fake plugins to inject malicious links into site footers.
These...
CVE/vulnerability
Millions of WordPress Websites Vulnerable to Script Injection Due to Plugin Flaw
A critical security vulnerability in the Essential Addons for Elementor plugin, installed on over 2 million WordPress websites, has exposed sites to script injection attacks via...
CVE/vulnerability
90,000 WordPress Sites Exposed to Local File Inclusion Attacks
A critical vulnerability (CVE-2025-0366) in the Jupiter X Core WordPress plugin, actively installed on over 90,000 websites, was disclosed on January 6, 2025.
The flaw...